This section lists the known bugs and issues with SGD version 4.63.
Problem: Issues with seamless windows might be encountered when the user restarts a Windows application after closing it down. The problem is seen when the application is hosted on a Windows Server 2008 R2 server.
Cause: A known problem with some versions of the SGD Enhancement Module.
Solution: Ensure that the version of the SGD Enhancement Module running on the Windows application server is the same as the SGD server version.
Problem: On Solaris 10 OS x86 platforms, enabling Integrated mode when you are logged in as the root user does not add applications to the Solaris 10 Launch menu. You might also see the following warning:
gnome-vfs-modules-WARNING **: Error writing vfolder configuration file "//.gnome2/vfolders/applications.vfolder-info": File not found.
Cause: A known issue with the Gnome Virtual File System (VFS).
Solution: No solution is currently available.
Problem: Using Internet Explorer 7 on Microsoft Windows Vista platforms, the SGD Client cannot be downloaded and installed automatically. The SGD Client can be installed manually and can be installed automatically using another browser, such as Firefox.
Cause: Internet Explorer has a Protected Mode that prevents the SGD Client from downloading and installing automatically.
Solution: Add the SGD server to the list of Trusted Sites in Internet Explorer's Security Settings.
Problem: If Java technology is enabled in your browser settings, but a Java Plugin tool is not installed on the client device, the SGD webtop does not display. The login process halts at the splash screen.
Cause: SGD uses the browser settings to determine whether to use Java technology.
Solution: Install the Java Plugin tool and create a symbolic link from the browser plug-ins directory to the location of the Java Virtual Machine (JVM) software. Refer to your browser documentation for more information.
Problem: When using a Canadian French (legacy) keyboard layout with Windows applications, some French characters are printed incorrectly.
Cause: A known issue with Canadian French (legacy) keyboard layouts.
Solution: No known solution. A compatible keymap file is not supplied with SGD at present.
Problem: On Solaris 10 OS, font errors are reported and there are display problems when starting the VirtualBox software from a Java Desktop System desktop session that is displayed using MyDesktop. The problem is seen when using Xsession.jds as the Application Command for the MyDesktop application object.
Cause: Unavailable fonts on the SGD X server.
Solution: When starting the VirtualBox software from the Java Desktop System desktop session, use the -fn option to specify valid fonts. Alternatively, install the missing fonts on the SGD server. See the Oracle Secure Global Desktop 4.6 Administration Guide for more details about using fonts with SGD.
Problem: On Microsoft Windows client devices with Japanese locales, Kana mode is not available for Solaris OS applications.
Cause: On Microsoft Windows client devices, the SGD Client uses ASCII for Kana mode. Solaris OS applications use Unicode for Kana mode.
Solution: On the Microsoft Windows client device, add a new system variable TARANTELLA_KEYBOARD_KANA_SOLARIS. Set the value of this system variable to 1.
Problem: When using LDAP to authenticate users, Windows applications can fail to start if the distinguished name (DN) of the user contains more than one single straight quotation mark (').
Cause: A known issue.
Solution: The workaround is to edit the wcpwts.exp login script. This script is in the /opt/tarantella/var/serverresources/expect directory on the SGD server.
Locate the following entry in the wcpwts.exp script:
regsub {'} $value {'"'"'} value
Edit the entry to read as follows:
regsub -all {'} $value {'"'"'} value
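Why the -all flag matters, as an added example that is not part of the SGD login script: the sketch models the two regsub forms in Python and parses the result the way a POSIX shell would. It assumes the script places the DN inside a single-quoted shell word, and the DNs are constructed samples.

```python
import shlex

# The '"'"' idiom: close the single-quoted string, emit a double-quoted
# single quote, then reopen the single-quoted string.
SQ_ESCAPE = "'\"'\"'"

def quote_first_only(value):
    """Model of `regsub {'} $value {'"'"'} value`: only the first quote is escaped."""
    return "'" + value.replace("'", SQ_ESCAPE, 1) + "'"

def quote_all(value):
    """Model of `regsub -all {'} $value {'"'"'} value`: every quote is escaped."""
    return "'" + value.replace("'", SQ_ESCAPE) + "'"

def shell_words(quoted):
    """Split text as a POSIX shell would; None means unbalanced quoting."""
    try:
        return shlex.split(quoted)
    except ValueError:
        return None

# Constructed sample DNs (assumptions of this example).
ONE_QUOTE = "CN=O'Brien,OU=Users,DC=example,DC=com"
TWO_QUOTES = "CN=D'Arcy O'Neil,OU=Users,DC=example,DC=com"
THREE_QUOTES = "CN=O'Brien,OU=R'n'D,DC=example,DC=com"

if __name__ == "__main__":
    for dn in (ONE_QUOTE, TWO_QUOTES, THREE_QUOTES):
        print("DN:        ", dn)
        print("  first-only:", shell_words(quote_first_only(dn)))
        print("  -all:      ", shell_words(quote_all(dn)))
```

With an even number of quotes the unescaped remainder leaves the shell word unterminated; with an odd number it parses but the DN is silently altered, so both cases reach the application server with the wrong value.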
Problem: Using the tarantella array list_backup_primaries command on an SGD server that has been stopped and then detached from an array returns a “Failed to connect” error.
Cause: A known issue.
Solution: Restart the detached SGD server before using the tarantella array list_backup_primaries command.
Problem: Users running the HyperTerminal application in a Windows desktop session experience problems when they try to resume the desktop session from another client device. The HyperTerminal application is unresponsive and cannot be closed down.
Cause: A known issue with HyperTerminal when resuming Windows desktop sessions from another client device (also called “session grabbing”).
Solution: Close down the HyperTerminal application before you resume the Windows desktop session from another client device.
Problem: The load-balancing JavaServer Page (JSP) used by SGD for load balancing of user sessions does not work. A Java warning message might be shown.
Cause: To use the load-balancing JSP, Java technology must be enabled on the client device.
Solution: Do one of the following:
Enable Java technology in the browser on the client device.
Use the SGD Gateway to load balance user sessions. This is the preferred solution, as the load-balancing JSP might not be available in future releases. See the Oracle Secure Global Desktop 4.6 Gateway Administration Guide for details of how to install and configure the SGD Gateway.
Problem: Audio might not play in X applications that are hosted on 64-bit Linux application servers. The issue is seen for X applications that are hard-coded to use the /dev/dsp or /dev/audio device, and the Audio Redirection Library (--unixaudiopreload) attribute is enabled.
Cause: A known issue. A 64-bit SGD Audio Redirection Library is not included in the SGD Enhancement Module.
Solution: No known solution at present.
Problem: On Solaris 10 OS Trusted Extensions platforms, startup times for Windows applications and X applications might be longer than expected.
Cause: By default, the X Protocol Engine attempts to connect to X display port 10. This port is unavailable when using Solaris 10 OS Trusted Extensions. After a period of time, the X Protocol Engine connects on another X display port and the application starts successfully.
Solution: Do either of the following:
Change the default minimum display port used by the SGD server.
Configure the following setting in the xpe.properties file in the /opt/tarantella/var/serverconfig/local directory on the SGD server:
tarantella.config.xpeconfig.defaultmindisplay=11
Restart the SGD server after making this change.
Exclude the unavailable port from use by the X Protocol Engine.
In the Administration Console, go to the Protocol Engines, X tab for each SGD server in the array and type -xport portnum in the Command-Line Arguments field, where portnum is the TCP port number to exclude.
Alternatively, use the following command:
$ tarantella config edit --xpe-args "-xport portnum"
For example, to exclude X display port 10 from use by the X Protocol Engine:
$ tarantella config edit --xpe-args "-xport 6010"
The changes made take effect for new X Protocol Engines only. Existing X Protocol Engines are not affected.
Problem: When using a smart card to log in to a Windows application session from a Ubuntu 10.04 Linux client device, the SGD Client hangs after the user exits the authenticated application session. The user might not be able to start any further applications or log out from SGD.
Cause: A known issue with version 1.5.3 of PCSC-Lite on Ubuntu client platforms.
Solution: Update to the latest version of PCSC-Lite on the client device.
Problem: Error messages about ThreadLocal memory leaks are written to the Tomcat JSP container log file at /opt/tarantella/webserver/tomcat/tomcat-version/logs/catalina.out. Operation of SGD is not affected.
Cause: A known issue with the memory leak detection feature of Tomcat.
Solution: No known solution. The issue will be fixed in future releases of Tomcat.
Problem: A Windows client device is allocated multiple client access licences (CALs). A CAL is incorrectly allocated each time a Windows application is started.
Cause: A known issue if the HKEY_LOCAL_MACHINE\Software\Microsoft\MSLicensing key or any of its subkeys are missing from the Windows registry on a client device. This issue affects Microsoft Windows Vista and Microsoft Windows 7 platforms.
Solution: Recreate the missing keys, by starting the Remote Desktop Connection with administrator privileges. See Microsoft Knowledge Base article 187614 for more details.
Problem: After 90 days, users cannot connect to SGD using a version 4.5 Gateway. After upgrading a Gateway to version 4.6, users cannot connect to SGD.
Cause: Version 4.5 of the SGD Gateway uses self-signed certificates that are valid for only 90 days. This affects the default self-signed SSL certificate used for client connections to the Gateway, as well as the Gateway certificate and the certificate used for the Reflection service.
After upgrading a Gateway to version 4.6, users cannot connect to SGD because the Gateway self-signed certificates have been replaced.
Solution: If you are using a version 4.5 Gateway, upgrade to version 4.6.
If you have upgraded a Gateway to version 4.6, you need to perform the standard configuration steps for authorizing a Gateway to SGD, as described in “How to Install SGD Gateway Certificates on the SGD Array” on page 16 of the Oracle Secure Global Desktop 4.6 Gateway Administration Guide.
In version 4.6, the Gateway certificate and the certificate for the Reflection service are valid for 3600 days. The default self-signed SSL certificate used for client connections to the Gateway is valid for 365 days. If you have installed your own SSL certificate for client SSL connections, this certificate is preserved when you upgrade.
Problem: PDF printing might not work on Solaris 10 10/09 platforms. The PDF file displays PostScript error messages.
Cause: A known issue with some versions of Ghostscript. SGD uses Ghostscript to convert print jobs into PDF files.
Solution: Install the latest version of Ghostscript on the SGD server. Ensure that the symbolic link /opt/tarantella/var/info/gsbindir points to the directory where the new Ghostscript binaries are installed. This fix has been verified using version 8.71 of Ghostscript.
Problem: SecurID authentication for X applications fails when using the RSA Authentication Agent for PAM. The issue is seen with X applications that are configured to use telnet as the Connection Method.
Cause: A known issue when using the RSA Authentication Agent for PAM.
Solution: Configure the X application object to use SSH as the Connection Method.
Problem: On Ubuntu client platforms, applications displayed in kiosk mode are obscured by the Ubuntu desktop toolbars. The issue is seen when the Compiz window manager is used and visual effects are enabled for the Ubuntu desktop.
Cause: The Compiz window manager does not provide legacy full screen support by default.
Solution: Do either of the following:
Turn off visual effects for the Ubuntu desktop.
Install the Compiz Config Settings Manager and enable the Legacy Fullscreen Support option in the Workarounds plugin.
Changes made only take effect for new application sessions.
Problem: Localized HTML documentation is not available. English documentation is displayed instead.
Cause: A known issue.
Solution: PDF versions of the localized documentation are available from the SGD web server Welcome Page.
Problem: When users select the Print to File menu option in a Windows application displayed through SGD, the print job remains on hold in the print queue on the client device. The issue is seen on Windows Vista and Windows 7 client devices.
Cause: A known issue with some versions of Windows.
Solution: A workaround for Windows Vista is described in Microsoft Knowledge Base article 2022748.
Problem: LDAP login filters are not preserved when you upgrade to version 4.6 of SGD.
Cause: Because of LDAP enhancements introduced in SGD 4.6, any customizations you have made to the LDAP login filters are not preserved on upgrade. See Section 1.1.3, “Active Directory and LDAP Enhancements” for more details of the enhancements.
Solution: Reconfigure your LDAP login filters after upgrading. See the “Filtering LDAP or Active Directory Logins” section in Chapter 2 of the Oracle Secure Global Desktop 4.6 Administration Guide for details of how to configure LDAP login filters.
Problem: When installing the SGD Enhancement Module on 64-bit SUSE Linux platforms, installation of the UNIX audio module fails. The issue is seen when installing on SUSE Linux Enterprise Server 11.
Cause: A known issue on 64-bit SUSE Linux platforms.
Solution: The workaround is to edit the following files in the /opt/tta_tem/audio/src/sgdadem directory:
In the Makefile file, change all instances of CFLAGS to EXTRA_CFLAGS.
In the sgdadem.h file, replace the following line:
#include <linux/ioctl32.h>
Add the following lines:
#include <linux/version.h>
#if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,22)
#include <linux/ioctl32.h>
#endif
After making the changes to the sgdadem.h file, run the following commands to install and start the audio module.
# cd /opt/tta_tem/audio/src/sgdadem
# make
# make install
# /opt/tta_tem/bin/tem startaudio
Problem: Using automatic configuration to reconfigure secure connections fails on an SGD server that has been upgraded to version 4.6. The issue is seen on upgraded servers that have previously been configured for secure connections automatically, using the tarantella security enable command.
Errors are reported when you use the tarantella security disable command to restore original security settings.
Cause: A known issue when using tarantella security disable on an upgraded server.
Solution: Run tarantella security disable on the server before you upgrade. Secure connections can then be configured automatically on the upgraded server, by running tarantella security enable.
Problem: LDAP searches into parent organizational units (OUs) in Active Directory do not return any results. The issue is seen in the Administration Console when assigning applications to LDAP users using Directory Services Integration (DSI). LDAP searches into child OUs are unaffected.
Cause: A known issue with the LDAP search filter generated by the Administration Console.
Solution: The workaround is to modify the LDAP search filter.
In the Administration Console, go to the Assigned User Profiles tab for the application object.
In the Advanced Search section, append an (objectclass=*) entry to the LDAP search filter. For example:
ldap:///OU=Users,OU=Marketing,DC=example,DC=com,DC=uk??sub?(objectclass=*)
Problem: Cached passwords for some LDAP users may no longer work following an upgrade from version 4.50.
Cause: A known issue. The naming format for storing LDAP password cache entries has changed since SGD 4.50.
Solution: Contact Oracle Support or see https://support.oracle.com/CSP/main/article?cmd=show&type=NOT&id=1316990.1 for details of how to migrate password cache entries.
Problem: Users are unable to start applications, or to access the Administration Console. The issue is seen when the SGD Gateway is configured to use unencrypted HTTP connections between the Gateway and the SGD servers in the array.
Cause: A known issue when connections between the Gateway and the SGD servers in the array are not secure. By default, these connections are secure.
Solution: The workaround is to edit the Apache reverse proxy configuration file at /opt/SUNWsgdg/httpd/apache-version/conf/extra/gateway/httpd-gateway.conf.
Comment out the following entry:
ProxyPassReverse / https://gateway.example.com:443/
Add the following entries:
ProxyPassReverse / http://gateway.example.com/
ProxyPassReverse / http://gateway.example.com:80/
where gateway.example.com is the name of the SGD Gateway.
Problem: The Java Plugin tool is installed on the client device and Java technology is enabled in your browser settings, but SGD reports that Java is not enabled or installed for the browser. The issue is seen when logging in to SGD using Internet Explorer 9 on Windows client platforms.
Cause: A known issue when using this version of Internet Explorer.
Solution: Use one of the following workarounds.
Before logging in to SGD, enable compatibility view for Internet Explorer. See Microsoft Knowledge Base article 956197 for details of how to do this.
When the Java detection error message is displayed, click the Back button on the browser. To use this workaround, the SGD Client icon must be present in the task bar and should indicate that a connection has been established.
Problem: Active Directory authentication fails for user names that contain accented characters, such as the German umlaut character (ü).
The following error is shown in the log output when using the server/login/info log filter:
javax.security.auth.login.LoginException: Integrity check on decrypted field failed (31)
Cause: Active Directory authentication uses the Kerberos authentication protocol. This is a known issue when Kerberos authentication is configured to use DES encryption.
Solution: The workaround is to disable the use of DES encryption in the krb5.conf Kerberos configuration file on the SGD server.
Include the following lines in the [libdefaults] section of the krb5.conf file.
[libdefaults]
default_tgs_enctypes = rc4-hmac des3-cbc-sha1 aes128-cts aes256-cts
default_tkt_enctypes = rc4-hmac des3-cbc-sha1 aes128-cts aes256-cts
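A check for the workaround above, as an added example that is not part of SGD or the Oracle documentation: it reads the [libdefaults] section of a krb5.conf and reports any single-DES encryption type, or a missing enctype setting. The rule that a name equal to "des" or starting with "des-" means single DES (so des3-cbc-sha1 is not flagged) is this example's assumption, and the second sample file is constructed.

```python
import re

ENCTYPE_KEYS = ("default_tgs_enctypes", "default_tkt_enctypes")

def libdefaults(conf_text):
    """Return key -> value for settings inside the [libdefaults] section only."""
    section, values = None, {}
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":          # blank line or comment
            continue
        header = re.fullmatch(r"\[(\w+)\]", line)
        if header:
            section = header.group(1)
        elif section == "libdefaults" and "=" in line:
            key, value = line.split("=", 1)
            values[key.strip()] = value.strip()
    return values

def is_single_des(enctype):
    """True for single-DES names such as des-cbc-crc, False for des3-* names."""
    name = enctype.lower()
    return name == "des" or name.startswith("des-")

def audit_enctypes(conf_text):
    """Return key -> list of problems; an empty dict means both keys are clean."""
    values, problems = libdefaults(conf_text), {}
    for key in ENCTYPE_KEYS:
        if key not in values:
            problems[key] = ["not set in [libdefaults]; library defaults apply"]
            continue
        des = [e for e in re.split(r"[,\s]+", values[key]) if e and is_single_des(e)]
        if des:
            problems[key] = ["single-DES enctype: " + e for e in des]
    return problems

# The lines from the workaround above.
FIXED = """[libdefaults]
default_tgs_enctypes = rc4-hmac des3-cbc-sha1 aes128-cts aes256-cts
default_tkt_enctypes = rc4-hmac des3-cbc-sha1 aes128-cts aes256-cts
"""

# Constructed sample: DES still listed, and one key set in the wrong section.
BROKEN = """[libdefaults]
default_tkt_enctypes = des-cbc-md5 des-cbc-crc rc4-hmac
[realms]
default_tgs_enctypes = aes256-cts
"""

if __name__ == "__main__":
    for label, text in (("fixed", FIXED), ("broken", BROKEN)):
        print(label, audit_enctypes(text) or "OK")
```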
Problem: Secure connections to the Gateway using SSL do not always use high grade ciphers.
Cause: By default, the Gateway supports a wide range of cipher suites, including some low and medium grade ciphers.
See Section 2.3.4, “Supported Cipher Suites for SSL Connections” for a list of supported cipher suites for SSL connections.
Solution: Configure the Gateway to use a specific set of ciphers, as follows:
Stop the Gateway.
# /opt/SUNWsgdg/bin/gateway stop
In the /opt/SUNWsgdg/etc directory create a file called ciphersuites.xml that contains a list of the required ciphers. For example:
<ciphersuites>
  <cipher>SSL_RSA_WITH_RC4_128_MD5</cipher>
  <cipher>SSL_RSA_WITH_RC4_128_SHA</cipher>
  <cipher>TLS_RSA_WITH_AES_128_CBC_SHA</cipher>
  <cipher>TLS_RSA_WITH_AES_256_CBC_SHA</cipher>
  <cipher>TLS_DHE_RSA_WITH_AES_128_CBC_SHA</cipher>
  <cipher>TLS_DHE_RSA_WITH_AES_256_CBC_SHA</cipher>
  <cipher>TLS_DHE_DSS_WITH_AES_128_CBC_SHA</cipher>
  <cipher>TLS_DHE_DSS_WITH_AES_256_CBC_SHA</cipher>
  <cipher>SSL_RSA_WITH_3DES_EDE_CBC_SHA</cipher>
  <cipher>SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA</cipher>
  <cipher>SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA</cipher>
</ciphersuites>
Add the following entries to the /opt/SUNWsgdg/etc/gateway.xml file, so that it includes ciphersuites.xml.
<service id="sgd-ssl-service" class="SSL">
  ...
  <keystore file="/opt/SUNWsgdg/proxy/etc/keystore.client" password="/opt/SUNWsgdg/etc/password"/>
  <xi:include href="ciphersuites.xml" parse="xml"/>
</service>
...
<service id="http-ssl-service" class="SSL">
  ...
  <keystore file="/opt/SUNWsgdg/proxy/etc/keystore.client" password="/opt/SUNWsgdg/etc/password"/>
  <xi:include href="ciphersuites.xml" parse="xml"/>
</service>
Restart the Gateway.
# /opt/SUNWsgdg/bin/gateway start
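Before restarting the Gateway it is worth reviewing what the ciphersuites.xml list actually permits. The following added example (not Oracle code) parses the file format shown above and flags suites by name; the marker table is this example's own classification, not a list from the SGD documentation, and the sample input is the example list from the procedure.

```python
import xml.etree.ElementTree as ET

# Example's own classification (an assumption, not an Oracle list): substrings
# of Java cipher suite names that mark a suite as low or medium grade.
WEAK_MARKERS = {
    "_NULL_": "no encryption",
    "_EXPORT_": "export-grade key length",
    "_anon_": "unauthenticated key exchange",
    "_RC4_": "RC4 stream cipher (prohibited for TLS by RFC 7465)",
    "_DES_": "single DES",
    "_3DES_": "3DES, a 64-bit block cipher",
    "_MD5": "MD5-based MAC",
}

# The example ciphersuites.xml content from the procedure above.
SAMPLE = """<ciphersuites>
  <cipher>SSL_RSA_WITH_RC4_128_MD5</cipher>
  <cipher>SSL_RSA_WITH_RC4_128_SHA</cipher>
  <cipher>TLS_RSA_WITH_AES_128_CBC_SHA</cipher>
  <cipher>TLS_RSA_WITH_AES_256_CBC_SHA</cipher>
  <cipher>TLS_DHE_RSA_WITH_AES_128_CBC_SHA</cipher>
  <cipher>TLS_DHE_RSA_WITH_AES_256_CBC_SHA</cipher>
  <cipher>TLS_DHE_DSS_WITH_AES_128_CBC_SHA</cipher>
  <cipher>TLS_DHE_DSS_WITH_AES_256_CBC_SHA</cipher>
  <cipher>SSL_RSA_WITH_3DES_EDE_CBC_SHA</cipher>
  <cipher>SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA</cipher>
  <cipher>SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA</cipher>
</ciphersuites>"""

def audit_ciphersuites(xml_text):
    """Map each <cipher> name to the reasons it is flagged (empty list = not flagged)."""
    root = ET.fromstring(xml_text)
    if root.tag != "ciphersuites":
        raise ValueError("root element must be <ciphersuites>")
    report = {}
    for element in root.iter("cipher"):
        name = (element.text or "").strip()
        report[name] = [why for marker, why in WEAK_MARKERS.items() if marker in name]
    return report

def strong_only(xml_text):
    """Names from the file that match none of the weak markers, in file order."""
    return [name for name, reasons in audit_ciphersuites(xml_text).items() if not reasons]

if __name__ == "__main__":
    for name, reasons in audit_ciphersuites(SAMPLE).items():
        print(("WEAK " if reasons else "ok   ") + name, "; ".join(reasons))
```

Run against the sample, the check flags the two RC4 suites and the three 3DES suites and leaves the six AES suites.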
Problem: Users with Sun Type 7 Japanese keyboards cannot input characters correctly using SGD.
Cause: Missing Solaris OS keytable on the client device.
Solution: Install the appropriate patch to install the keytable on the client device.
Platform | Patch |
---|---|
Solaris 10 OS on SPARC platforms | 121868 |
Solaris 10 OS on x86 platforms | 121869 |
Problem: When using the SGD Client in Integrated mode on Microsoft Windows client devices, users might notice that the Start menu entries are not sorted alphabetically.
Cause: This is caused by a Windows feature that adds new items to the end of a menu, rather than preserving the alphabetical sorting.
Solution: See Microsoft Knowledge Base article 177482 for details.
Problem: For Microsoft Windows Server 2003 applications, the display color depth on the client device is limited to 8-bit for large screen resolutions. The issue is seen when screen resolutions are higher than 1600 x 1200 pixels.
Cause: A known issue with Windows Server 2003 terminal services sessions.
Solution: See Microsoft Hotfix 942610 for details of how to increase the color depth to 16-bit.